Unifying Facets of Information Integrity

Information integrity is a vital security property in a variety of applications. However, there is more than one facet to integrity: interpretations of integrity in different contexts include integrity via information flow, where the key is that trusted output is independent from untrusted input, and integrity via invariance, where the key is preservation of an invariant. Furthermore, integrity via invariance is itself multi-faceted. For example, the literature features formalizations of invariance as predicate preservation (predicate invariance), which is not directly compatible with invariance of memory values (value invariance). This paper offers a unified framework for integrity policies that include all of the facets above. Despite the different nature of these facets, we show that a straightforward enforcement mechanism adapted from the literature is readily available for enforcing all of the integrity facets at once.
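The three facets named in the abstract can be made concrete on a toy memory with trusted and untrusted locations. The following Python harness is an added illustration, not code from the paper, and it uses a constructed state model (locations `balance`, `limit`, `request`, `log`, a constructed predicate `in_range`, and four small constructed programs) together with brute-force checks over enumerated initial states rather than the paper's enforcement mechanism. It shows that the facets are genuinely distinct: one program satisfies predicate invariance while violating information-flow integrity, another satisfies flow integrity while changing a trusted value, and a third satisfies all of them.

```python
from itertools import product

# Constructed toy memory: two trusted locations and two untrusted ones.
TRUSTED = ("balance", "limit")
UNTRUSTED = ("request", "log")


def flow_integrity(prog, states):
    """Integrity as information flow (noninterference): two runs whose
    initial states agree on every trusted location must end in states that
    still agree on every trusted location, however the untrusted locations
    differed. Checked by brute force over all pairs of sample states."""
    for s1, s2 in product(states, repeat=2):
        if all(s1[x] == s2[x] for x in TRUSTED):
            o1, o2 = prog(dict(s1)), prog(dict(s2))
            if any(o1[x] != o2[x] for x in TRUSTED):
                return False
    return True


def predicate_invariance(prog, states, pred):
    """Integrity as invariance of a predicate: whenever pred holds before a
    run, it must still hold afterwards."""
    return all(pred(prog(dict(s))) for s in states if pred(s))


def value_invariance(prog, states, locs):
    """Integrity as invariance of memory values: every listed location must
    be left unchanged by every run."""
    return all(prog(dict(s))[x] == s[x] for s in states for x in locs)


def in_range(s):
    """Constructed predicate: the balance never leaves [0, limit]."""
    return 0 <= s["balance"] <= s["limit"]


# Four constructed programs, each a function from state to (mutated) state.
def prog_copy(s):
    s["balance"] = s["request"]            # untrusted value written to a trusted cell
    return s


def prog_topup(s):
    s["balance"] = s["limit"]              # trusted cell depends on trusted data only
    return s


def prog_endorse(s):
    if 0 < s["request"] <= s["balance"]:   # validated, but still influences balance
        s["balance"] -= s["request"]
    return s


def prog_audit(s):
    s["log"] = s["request"]                # untrusted data flows only to an untrusted cell
    return s


def sample_states():
    """Constructed initial states; every one of them satisfies in_range."""
    return [dict(balance=b, limit=10, request=r, log=0)
            for b in (0, 5, 10) for r in (-3, 3, 7, 12)]


def classify(prog):
    """Report which integrity facets a program satisfies on the sample states."""
    st = sample_states()
    return {
        "flow": flow_integrity(prog, st),
        "predicate": predicate_invariance(prog, st, in_range),
        "limit_fixed": value_invariance(prog, st, ("limit",)),
        "balance_fixed": value_invariance(prog, st, ("balance",)),
    }


if __name__ == "__main__":
    for p in (prog_copy, prog_topup, prog_endorse, prog_audit):
        print(f"{p.__name__:13s} {classify(p)}")
```

Running the script prints one line per program. `prog_endorse` keeps the balance inside `[0, limit]` (predicate invariance holds) yet the trusted balance depends on the untrusted request (flow integrity fails); `prog_topup` is the mirror image for value invariance, since it never reads untrusted data but does overwrite `balance`. Only `prog_audit`, which writes untrusted data solely to an untrusted location, satisfies every check.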
